Installing mod_security on EC2 is a piece of cake with this tutorial by our experts. 

At Bobcares, we offer solutions for every query, big and small, as a part of our AWS Support Services.

Let’s take a look at how our AWS Support Team helped our customers with installing mod_security on EC2.

Installing mod_security on EC2

Our Support Techs have put together this guide to help our customers and you install ModSecurity on EC2. To begin with, we have to run the following command:

# yum install mod_security –enablerepo=epel

Since epel repo is not enabled by default, we have to enable it as seen in the command above.

The mod_Security configuration files are at the following locations:

• /etc/httpd/conf.d/mod_security.conf

  This is the main config file for the mod_security Apache module.
• /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

  We can customize the configuration in this file as per our requirements before deployment.
• /var/log/httpd/modsec_debug.log

  We can use the debug messages in this file for debugging mod_security rules as well as other errors.
• /etc/httpd/modsecurity.d/

  This folder contains all the other configuration files for the mod_security Apache.
• /var/log/httpd/modsec_audit.log

  This log consists of requests that trigger a ModSecurity event or a server error.

After installing mod_security on EC2, we have to verify the ModSecurity engine is by running the following command and locating the line SecRuleEngine on:

more /etc/httpd/conf.d/mod_security.conf

How to setup mod_security on EC2

The OWASP or Open Web Application Security Project has a set of rules for ModSecurity. In other words, it offers a set of rules that offer protection for any web application.

We can add these rules to ModSecurity with the following commands:

cd ~
 sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/zipball/master
 sudo unzip -q master
 cd /etc/httpd
 sudo mv ~/SpiderLabs-owasp-modsecurity-crs-* modsecurity-crs
 cd modsecurity-crs
 sudo cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

After that, we have to edit the mod_security.conf file, in order to ensure the OWASP config file, is included during ModSecurity loading as seen below:

 cd ../conf.d
 sudo nano mod_security.conf

Then, we have to add these lines under # ModSecurity Core Rules Set and Local configuration:

 Include modsecurity-crs/local_rules/*.conf
 Include modsecurity-crs/modsecurity_crs_10_config.conf
 Include modsecurity-crs/base_rules/*.conf

At this point in time, we have to enable mod_unique_id Apache module as seen here:

sudo sed -i "s/#LoadModule unique_id_module modules\/mod_unique_id.so/LoadModule unique_id_module modules\/mod_unique_id.so/" /etc/httpd/conf/httpd.conf

Now, we have to restart Apache with this command:

sudo service httpd restart

In case, Apache fails to start and we get a message similar to the one below:

[alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of “ip-x-x-x-x”

We have to add this line to the instance’s host file as seen here:

sudo nano /etc/hosts
 127.0.0.1 ip-x-x-x-x localhost

We can test the rules are working with a simple SQL injection attempt on the URL as seen here:

http://ourdomianname.com/?username=1'%20or%20'1'%20=%20'1&password=1'%20or%20'1'%20=%20'1

If the rules are working, we will see a 403 error. We can also head to the httpd error log at /var/log/httpd/error_log to view the messages by ModSecurity.

Let us know how installing mod_security on EC2 works out. If you run into any trouble, our experts are available 24/7.

[Need assistance with a different issue? We are available 24/7.]

Conclusion

In a nutshell, our skilled AWS Support Engineers at Bobcares demonstrated how to install mod_security on EC2.